http://bugzilla.opensuse.org/show_bug.cgi?id=1184808 Bug ID: 1184808 Summary: AUDIT-0: Shipping keys via repos Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.3 Hardware: Other OS: Other Status: NEW Severity: Major Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: jsegitz@suse.com QA Contact: qa-bugs@suse.de CC: d_werner@gmx.net, guillaume.gardet@arm.com, lubos.kocman@suse.com, mlin@suse.com, ro@suse.de Depends on: 1184326 Found By: --- Blocker: --- +++ This bug was initially created as a clone of Bug #1184326 +++ Details are in the original bug. copy paste from Michael: I'd be happy if we now catch the momentum and get a solution for this quite common issue (a repo that want's to ship additional keys). It would IMO be a good step forward especially for 3rd parties, if they are enabled to ship their keys in way zypp recognizes them when the repo is added. This is an issue for Leap 15.3 because of the SLES key, but they want a more general mechanism. As this is a very sensitive topic we should review this first -- You are receiving this mail because: You are on the CC list for the bug.